summaryrefslogtreecommitdiff
path: root/src/lib/libc/crypt
diff options
context:
space:
mode:
authorcvs2svn <admin@example.com>2012-07-13 17:49:56 +0000
committercvs2svn <admin@example.com>2012-07-13 17:49:56 +0000
commit6f82d0e8f9756938f04071892206a5af85e676f0 (patch)
tree821921a1dd0a5a3cece91121e121cc63c4b68128 /src/lib/libc/crypt
parent9204e59073bcf27e1487ec4ac46e981902ddd904 (diff)
downloadopenbsd-eric_g2k12.tar.gz
openbsd-eric_g2k12.tar.bz2
openbsd-eric_g2k12.zip
This commit was manufactured by cvs2git to create tag 'eric_g2k12'.eric_g2k12
Diffstat (limited to 'src/lib/libc/crypt')
-rw-r--r--src/lib/libc/crypt/Makefile.inc15
-rw-r--r--src/lib/libc/crypt/arc4random.3138
-rw-r--r--src/lib/libc/crypt/arc4random.c254
-rw-r--r--src/lib/libc/crypt/bcrypt.c338
-rw-r--r--src/lib/libc/crypt/blowfish.3106
-rw-r--r--src/lib/libc/crypt/blowfish.c685
-rw-r--r--src/lib/libc/crypt/crypt.3325
-rw-r--r--src/lib/libc/crypt/crypt.c696
-rw-r--r--src/lib/libc/crypt/crypt2.c104
-rw-r--r--src/lib/libc/crypt/md5crypt.c149
10 files changed, 0 insertions, 2810 deletions
diff --git a/src/lib/libc/crypt/Makefile.inc b/src/lib/libc/crypt/Makefile.inc
deleted file mode 100644
index 5dbd240bf5..0000000000
--- a/src/lib/libc/crypt/Makefile.inc
+++ /dev/null
@@ -1,15 +0,0 @@
1# $OpenBSD: Makefile.inc,v 1.18 2010/10/28 08:34:37 mikeb Exp $
2
3.PATH: ${LIBCSRCDIR}/arch/${MACHINE_CPU}/crypt ${LIBCSRCDIR}/crypt
4
5SRCS+= crypt.c crypt2.c md5crypt.c arc4random.c blowfish.c bcrypt.c
6
7MAN+= crypt.3 blowfish.3 arc4random.3
8MLINKS+=crypt.3 encrypt.3 crypt.3 setkey.3 crypt.3 des_cipher.3
9MLINKS+=crypt.3 bcrypt_gensalt.3 crypt.3 bcrypt.3 crypt.3 md5crypt.3
10MLINKS+=crypt.3 des_setkey.3 blowfish.3 blf_key.3 blowfish.3 blf_enc.3
11MLINKS+=blowfish.3 blf_dec.3 blowfish.3 blf_ecb_encrypt.3
12MLINKS+=blowfish.3 blf_ecb_decrypt.3 blowfish.3 blf_cbc_encrypt.3
13MLINKS+=blowfish.3 blf_cbc_decrypt.3
14MLINKS+=arc4random.3 arc4random_stir.3 arc4random.3 arc4random_addrandom.3
15MLINKS+=arc4random.3 arc4random_buf.3 arc4random.3 arc4random_uniform.3
diff --git a/src/lib/libc/crypt/arc4random.3 b/src/lib/libc/crypt/arc4random.3
deleted file mode 100644
index d9f07ade6e..0000000000
--- a/src/lib/libc/crypt/arc4random.3
+++ /dev/null
@@ -1,138 +0,0 @@
1.\" $OpenBSD: arc4random.3,v 1.27 2008/12/23 18:31:02 deraadt Exp $
2.\"
3.\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
4.\" All rights reserved.
5.\"
6.\" Redistribution and use in source and binary forms, with or without
7.\" modification, are permitted provided that the following conditions
8.\" are met:
9.\" 1. Redistributions of source code must retain the above copyright
10.\" notice, this list of conditions and the following disclaimer.
11.\" 2. Redistributions in binary form must reproduce the above copyright
12.\" notice, this list of conditions and the following disclaimer in the
13.\" documentation and/or other materials provided with the distribution.
14.\" 3. All advertising materials mentioning features or use of this software
15.\" must display the following acknowledgement:
16.\" This product includes software developed by Niels Provos.
17.\" 4. The name of the author may not be used to endorse or promote products
18.\" derived from this software without specific prior written permission.
19.\"
20.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
21.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
22.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
23.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
24.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
25.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
26.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
27.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
29.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30.\"
31.\" Manual page, using -mandoc macros
32.\"
33.Dd $Mdocdate: December 23 2008 $
34.Dt ARC4RANDOM 3
35.Os
36.Sh NAME
37.Nm arc4random ,
38.Nm arc4random_buf ,
39.Nm arc4random_uniform ,
40.Nm arc4random_stir ,
41.Nm arc4random_addrandom
42.Nd arc4 random number generator
43.Sh SYNOPSIS
44.Fd #include <stdlib.h>
45.Ft u_int32_t
46.Fn arc4random "void"
47.Ft void
48.Fn arc4random_buf "void *buf" "size_t nbytes"
49.Ft u_int32_t
50.Fn arc4random_uniform "u_int32_t upper_bound"
51.Ft void
52.Fn arc4random_stir "void"
53.Ft void
54.Fn arc4random_addrandom "u_char *dat" "int datlen"
55.Sh DESCRIPTION
56The
57.Fn arc4random
58function provides a high quality 32-bit pseudo-random
59number very quickly.
60.Fn arc4random
61seeds itself on a regular basis from the kernel strong random number
62subsystem described in
63.Xr random 4 .
64On each call, an ARC4 generator is used to generate a new result.
65The
66.Fn arc4random
67function uses the ARC4 cipher key stream generator,
68which uses 8*8 8-bit S-Boxes.
69The S-Boxes can be in about (2**1700) states.
70.Pp
71.Fn arc4random
72fits into a middle ground not covered by other subsystems such as
73the strong, slow, and resource expensive random
74devices described in
75.Xr random 4
76versus the fast but poor quality interfaces described in
77.Xr rand 3 ,
78.Xr random 3 ,
79and
80.Xr drand48 3 .
81.Pp
82.Fn arc4random_buf
83fills the region
84.Fa buf
85of length
86.Fa nbytes
87with ARC4-derived random data.
88.Pp
89.Fn arc4random_uniform
90will return a uniformly distributed random number less than
91.Fa upper_bound .
92.Fn arc4random_uniform
93is recommended over constructions like
94.Dq Li arc4random() % upper_bound
95as it avoids "modulo bias" when the upper bound is not a power of two.
96.Pp
97The
98.Fn arc4random_stir
99function reads data using
100.Xr sysctl 3
101from
102.Va kern.arandom
103and uses it to permute the S-Boxes via
104.Fn arc4random_addrandom .
105.Pp
106There is no need to call
107.Fn arc4random_stir
108before using
109.Fn arc4random ,
110since
111.Fn arc4random
112automatically initializes itself.
113.Sh RETURN VALUES
114These functions are always successful, and no return value is
115reserved to indicate an error.
116.Sh SEE ALSO
117.Xr rand 3 ,
118.Xr rand48 3 ,
119.Xr random 3
120.Sh HISTORY
121An algorithm called
122.Pa RC4
123was designed by RSA Data Security, Inc.
124It was considered a trade secret.
125Because it was a trade secret, it obviously could not be patented.
126A clone of this was posted anonymously to USENET and confirmed to
127be equivalent by several sources who had access to the original cipher.
128Because of the trade secret situation, RSA Data Security, Inc. could
129do nothing about the release of the
130.Ql Alleged RC4
131algorithm.
132Since
133.Pa RC4
134was trademarked, the cipher is now referred to as
135.Pa ARC4 .
136.Pp
137These functions first appeared in
138.Ox 2.1 .
diff --git a/src/lib/libc/crypt/arc4random.c b/src/lib/libc/crypt/arc4random.c
deleted file mode 100644
index 1697752a1a..0000000000
--- a/src/lib/libc/crypt/arc4random.c
+++ /dev/null
@@ -1,254 +0,0 @@
1/* $OpenBSD: arc4random.c,v 1.23 2012/06/24 18:25:12 matthew Exp $ */
2
3/*
4 * Copyright (c) 1996, David Mazieres <dm@uun.org>
5 * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 */
19
20/*
21 * Arc4 random number generator for OpenBSD.
22 *
23 * This code is derived from section 17.1 of Applied Cryptography,
24 * second edition, which describes a stream cipher allegedly
25 * compatible with RSA Labs "RC4" cipher (the actual description of
26 * which is a trade secret). The same algorithm is used as a stream
27 * cipher called "arcfour" in Tatu Ylonen's ssh package.
28 *
29 * RC4 is a registered trademark of RSA Laboratories.
30 */
31
32#include <fcntl.h>
33#include <limits.h>
34#include <stdlib.h>
35#include <unistd.h>
36#include <sys/types.h>
37#include <sys/param.h>
38#include <sys/time.h>
39#include <sys/sysctl.h>
40#include "thread_private.h"
41
42#ifdef __GNUC__
43#define inline __inline
44#else /* !__GNUC__ */
45#define inline
46#endif /* !__GNUC__ */
47
48struct arc4_stream {
49 u_int8_t i;
50 u_int8_t j;
51 u_int8_t s[256];
52};
53
54static int rs_initialized;
55static struct arc4_stream rs;
56static pid_t arc4_stir_pid;
57static int arc4_count;
58
59static inline u_int8_t arc4_getbyte(void);
60
61static inline void
62arc4_init(void)
63{
64 int n;
65
66 for (n = 0; n < 256; n++)
67 rs.s[n] = n;
68 rs.i = 0;
69 rs.j = 0;
70}
71
72static inline void
73arc4_addrandom(u_char *dat, int datlen)
74{
75 int n;
76 u_int8_t si;
77
78 rs.i--;
79 for (n = 0; n < 256; n++) {
80 rs.i = (rs.i + 1);
81 si = rs.s[rs.i];
82 rs.j = (rs.j + si + dat[n % datlen]);
83 rs.s[rs.i] = rs.s[rs.j];
84 rs.s[rs.j] = si;
85 }
86 rs.j = rs.i;
87}
88
89static void
90arc4_stir(void)
91{
92 int i, mib[2];
93 size_t len;
94 u_char rnd[128];
95
96 if (!rs_initialized) {
97 arc4_init();
98 rs_initialized = 1;
99 }
100
101 mib[0] = CTL_KERN;
102 mib[1] = KERN_ARND;
103
104 len = sizeof(rnd);
105 sysctl(mib, 2, rnd, &len, NULL, 0);
106
107 arc4_addrandom(rnd, sizeof(rnd));
108
109 /*
110 * Discard early keystream, as per recommendations in:
111 * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps
112 */
113 for (i = 0; i < 256; i++)
114 (void)arc4_getbyte();
115 arc4_count = 1600000;
116}
117
118static void
119arc4_stir_if_needed(void)
120{
121 pid_t pid = getpid();
122
123 if (arc4_count <= 0 || !rs_initialized || arc4_stir_pid != pid)
124 {
125 arc4_stir_pid = pid;
126 arc4_stir();
127 }
128}
129
130static inline u_int8_t
131arc4_getbyte(void)
132{
133 u_int8_t si, sj;
134
135 rs.i = (rs.i + 1);
136 si = rs.s[rs.i];
137 rs.j = (rs.j + si);
138 sj = rs.s[rs.j];
139 rs.s[rs.i] = sj;
140 rs.s[rs.j] = si;
141 return (rs.s[(si + sj) & 0xff]);
142}
143
144static inline u_int32_t
145arc4_getword(void)
146{
147 u_int32_t val;
148 val = arc4_getbyte() << 24;
149 val |= arc4_getbyte() << 16;
150 val |= arc4_getbyte() << 8;
151 val |= arc4_getbyte();
152 return val;
153}
154
155void
156arc4random_stir(void)
157{
158 _ARC4_LOCK();
159 arc4_stir();
160 _ARC4_UNLOCK();
161}
162
163void
164arc4random_addrandom(u_char *dat, int datlen)
165{
166 _ARC4_LOCK();
167 if (!rs_initialized)
168 arc4_stir();
169 arc4_addrandom(dat, datlen);
170 _ARC4_UNLOCK();
171}
172
173u_int32_t
174arc4random(void)
175{
176 u_int32_t val;
177 _ARC4_LOCK();
178 arc4_count -= 4;
179 arc4_stir_if_needed();
180 val = arc4_getword();
181 _ARC4_UNLOCK();
182 return val;
183}
184
185void
186arc4random_buf(void *_buf, size_t n)
187{
188 u_char *buf = (u_char *)_buf;
189 _ARC4_LOCK();
190 arc4_stir_if_needed();
191 while (n--) {
192 if (--arc4_count <= 0)
193 arc4_stir();
194 buf[n] = arc4_getbyte();
195 }
196 _ARC4_UNLOCK();
197}
198
199/*
200 * Calculate a uniformly distributed random number less than upper_bound
201 * avoiding "modulo bias".
202 *
203 * Uniformity is achieved by generating new random numbers until the one
204 * returned is outside the range [0, 2**32 % upper_bound). This
205 * guarantees the selected random number will be inside
206 * [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound)
207 * after reduction modulo upper_bound.
208 */
209u_int32_t
210arc4random_uniform(u_int32_t upper_bound)
211{
212 u_int32_t r, min;
213
214 if (upper_bound < 2)
215 return 0;
216
217 /* 2**32 % x == (2**32 - x) % x */
218 min = -upper_bound % upper_bound;
219
220 /*
221 * This could theoretically loop forever but each retry has
222 * p > 0.5 (worst case, usually far better) of selecting a
223 * number inside the range we need, so it should rarely need
224 * to re-roll.
225 */
226 for (;;) {
227 r = arc4random();
228 if (r >= min)
229 break;
230 }
231
232 return r % upper_bound;
233}
234
235#if 0
236/*-------- Test code for i386 --------*/
237#include <stdio.h>
238#include <machine/pctr.h>
239int
240main(int argc, char **argv)
241{
242 const int iter = 1000000;
243 int i;
244 pctrval v;
245
246 v = rdtsc();
247 for (i = 0; i < iter; i++)
248 arc4random();
249 v = rdtsc() - v;
250 v /= iter;
251
252 printf("%qd cycles\n", v);
253}
254#endif
diff --git a/src/lib/libc/crypt/bcrypt.c b/src/lib/libc/crypt/bcrypt.c
deleted file mode 100644
index 207e76ea46..0000000000
--- a/src/lib/libc/crypt/bcrypt.c
+++ /dev/null
@@ -1,338 +0,0 @@
1/* $OpenBSD: bcrypt.c,v 1.24 2008/04/02 19:54:05 millert Exp $ */
2
3/*
4 * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. All advertising materials mentioning features or use of this software
16 * must display the following acknowledgement:
17 * This product includes software developed by Niels Provos.
18 * 4. The name of the author may not be used to endorse or promote products
19 * derived from this software without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
22 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
23 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
24 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
26 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
30 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 */
32
33/* This password hashing algorithm was designed by David Mazieres
34 * <dm@lcs.mit.edu> and works as follows:
35 *
36 * 1. state := InitState ()
37 * 2. state := ExpandKey (state, salt, password) 3.
38 * REPEAT rounds:
39 * state := ExpandKey (state, 0, salt)
40 * state := ExpandKey(state, 0, password)
41 * 4. ctext := "OrpheanBeholderScryDoubt"
42 * 5. REPEAT 64:
43 * ctext := Encrypt_ECB (state, ctext);
44 * 6. RETURN Concatenate (salt, ctext);
45 *
46 */
47
48#include <stdio.h>
49#include <stdlib.h>
50#include <sys/types.h>
51#include <string.h>
52#include <pwd.h>
53#include <blf.h>
54
55/* This implementation is adaptable to current computing power.
56 * You can have up to 2^31 rounds which should be enough for some
57 * time to come.
58 */
59
60#define BCRYPT_VERSION '2'
61#define BCRYPT_MAXSALT 16 /* Precomputation is just so nice */
62#define BCRYPT_BLOCKS 6 /* Ciphertext blocks */
63#define BCRYPT_MINROUNDS 16 /* we have log2(rounds) in salt */
64
65char *bcrypt_gensalt(u_int8_t);
66
67static void encode_salt(char *, u_int8_t *, u_int16_t, u_int8_t);
68static void encode_base64(u_int8_t *, u_int8_t *, u_int16_t);
69static void decode_base64(u_int8_t *, u_int16_t, u_int8_t *);
70
71static char encrypted[_PASSWORD_LEN];
72static char gsalt[7 + (BCRYPT_MAXSALT * 4 + 2) / 3 + 1];
73static char error[] = ":";
74
75const static u_int8_t Base64Code[] =
76"./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
77
78const static u_int8_t index_64[128] = {
79 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
80 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
81 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
82 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
83 255, 255, 255, 255, 255, 255, 0, 1, 54, 55,
84 56, 57, 58, 59, 60, 61, 62, 63, 255, 255,
85 255, 255, 255, 255, 255, 2, 3, 4, 5, 6,
86 7, 8, 9, 10, 11, 12, 13, 14, 15, 16,
87 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27,
88 255, 255, 255, 255, 255, 255, 28, 29, 30,
89 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
90 41, 42, 43, 44, 45, 46, 47, 48, 49, 50,
91 51, 52, 53, 255, 255, 255, 255, 255
92};
93#define CHAR64(c) ( (c) > 127 ? 255 : index_64[(c)])
94
95static void
96decode_base64(u_int8_t *buffer, u_int16_t len, u_int8_t *data)
97{
98 u_int8_t *bp = buffer;
99 u_int8_t *p = data;
100 u_int8_t c1, c2, c3, c4;
101 while (bp < buffer + len) {
102 c1 = CHAR64(*p);
103 c2 = CHAR64(*(p + 1));
104
105 /* Invalid data */
106 if (c1 == 255 || c2 == 255)
107 break;
108
109 *bp++ = (c1 << 2) | ((c2 & 0x30) >> 4);
110 if (bp >= buffer + len)
111 break;
112
113 c3 = CHAR64(*(p + 2));
114 if (c3 == 255)
115 break;
116
117 *bp++ = ((c2 & 0x0f) << 4) | ((c3 & 0x3c) >> 2);
118 if (bp >= buffer + len)
119 break;
120
121 c4 = CHAR64(*(p + 3));
122 if (c4 == 255)
123 break;
124 *bp++ = ((c3 & 0x03) << 6) | c4;
125
126 p += 4;
127 }
128}
129
130static void
131encode_salt(char *salt, u_int8_t *csalt, u_int16_t clen, u_int8_t logr)
132{
133 salt[0] = '$';
134 salt[1] = BCRYPT_VERSION;
135 salt[2] = 'a';
136 salt[3] = '$';
137
138 snprintf(salt + 4, 4, "%2.2u$", logr);
139
140 encode_base64((u_int8_t *) salt + 7, csalt, clen);
141}
142/* Generates a salt for this version of crypt.
143 Since versions may change. Keeping this here
144 seems sensible.
145 */
146
147char *
148bcrypt_gensalt(u_int8_t log_rounds)
149{
150 u_int8_t csalt[BCRYPT_MAXSALT];
151 u_int16_t i;
152 u_int32_t seed = 0;
153
154 for (i = 0; i < BCRYPT_MAXSALT; i++) {
155 if (i % 4 == 0)
156 seed = arc4random();
157 csalt[i] = seed & 0xff;
158 seed = seed >> 8;
159 }
160
161 if (log_rounds < 4)
162 log_rounds = 4;
163 else if (log_rounds > 31)
164 log_rounds = 31;
165
166 encode_salt(gsalt, csalt, BCRYPT_MAXSALT, log_rounds);
167 return gsalt;
168}
169/* We handle $Vers$log2(NumRounds)$salt+passwd$
170 i.e. $2$04$iwouldntknowwhattosayetKdJ6iFtacBqJdKe6aW7ou */
171
172char *
173bcrypt(const char *key, const char *salt)
174{
175 blf_ctx state;
176 u_int32_t rounds, i, k;
177 u_int16_t j;
178 u_int8_t key_len, salt_len, logr, minor;
179 u_int8_t ciphertext[4 * BCRYPT_BLOCKS] = "OrpheanBeholderScryDoubt";
180 u_int8_t csalt[BCRYPT_MAXSALT];
181 u_int32_t cdata[BCRYPT_BLOCKS];
182 int n;
183
184 /* Discard "$" identifier */
185 salt++;
186
187 if (*salt > BCRYPT_VERSION) {
188 /* How do I handle errors ? Return ':' */
189 return error;
190 }
191
192 /* Check for minor versions */
193 if (salt[1] != '$') {
194 switch (salt[1]) {
195 case 'a':
196 /* 'ab' should not yield the same as 'abab' */
197 minor = salt[1];
198 salt++;
199 break;
200 default:
201 return error;
202 }
203 } else
204 minor = 0;
205
206 /* Discard version + "$" identifier */
207 salt += 2;
208
209 if (salt[2] != '$')
210 /* Out of sync with passwd entry */
211 return error;
212
213 /* Computer power doesn't increase linear, 2^x should be fine */
214 n = atoi(salt);
215 if (n > 31 || n < 0)
216 return error;
217 logr = (u_int8_t)n;
218 if ((rounds = (u_int32_t) 1 << logr) < BCRYPT_MINROUNDS)
219 return error;
220
221 /* Discard num rounds + "$" identifier */
222 salt += 3;
223
224 if (strlen(salt) * 3 / 4 < BCRYPT_MAXSALT)
225 return error;
226
227 /* We dont want the base64 salt but the raw data */
228 decode_base64(csalt, BCRYPT_MAXSALT, (u_int8_t *) salt);
229 salt_len = BCRYPT_MAXSALT;
230 key_len = strlen(key) + (minor >= 'a' ? 1 : 0);
231
232 /* Setting up S-Boxes and Subkeys */
233 Blowfish_initstate(&state);
234 Blowfish_expandstate(&state, csalt, salt_len,
235 (u_int8_t *) key, key_len);
236 for (k = 0; k < rounds; k++) {
237 Blowfish_expand0state(&state, (u_int8_t *) key, key_len);
238 Blowfish_expand0state(&state, csalt, salt_len);
239 }
240
241 /* This can be precomputed later */
242 j = 0;
243 for (i = 0; i < BCRYPT_BLOCKS; i++)
244 cdata[i] = Blowfish_stream2word(ciphertext, 4 * BCRYPT_BLOCKS, &j);
245
246 /* Now do the encryption */
247 for (k = 0; k < 64; k++)
248 blf_enc(&state, cdata, BCRYPT_BLOCKS / 2);
249
250 for (i = 0; i < BCRYPT_BLOCKS; i++) {
251 ciphertext[4 * i + 3] = cdata[i] & 0xff;
252 cdata[i] = cdata[i] >> 8;
253 ciphertext[4 * i + 2] = cdata[i] & 0xff;
254 cdata[i] = cdata[i] >> 8;
255 ciphertext[4 * i + 1] = cdata[i] & 0xff;
256 cdata[i] = cdata[i] >> 8;
257 ciphertext[4 * i + 0] = cdata[i] & 0xff;
258 }
259
260
261 i = 0;
262 encrypted[i++] = '$';
263 encrypted[i++] = BCRYPT_VERSION;
264 if (minor)
265 encrypted[i++] = minor;
266 encrypted[i++] = '$';
267
268 snprintf(encrypted + i, 4, "%2.2u$", logr);
269
270 encode_base64((u_int8_t *) encrypted + i + 3, csalt, BCRYPT_MAXSALT);
271 encode_base64((u_int8_t *) encrypted + strlen(encrypted), ciphertext,
272 4 * BCRYPT_BLOCKS - 1);
273 memset(&state, 0, sizeof(state));
274 memset(ciphertext, 0, sizeof(ciphertext));
275 memset(csalt, 0, sizeof(csalt));
276 memset(cdata, 0, sizeof(cdata));
277 return encrypted;
278}
279
280static void
281encode_base64(u_int8_t *buffer, u_int8_t *data, u_int16_t len)
282{
283 u_int8_t *bp = buffer;
284 u_int8_t *p = data;
285 u_int8_t c1, c2;
286 while (p < data + len) {
287 c1 = *p++;
288 *bp++ = Base64Code[(c1 >> 2)];
289 c1 = (c1 & 0x03) << 4;
290 if (p >= data + len) {
291 *bp++ = Base64Code[c1];
292 break;
293 }
294 c2 = *p++;
295 c1 |= (c2 >> 4) & 0x0f;
296 *bp++ = Base64Code[c1];
297 c1 = (c2 & 0x0f) << 2;
298 if (p >= data + len) {
299 *bp++ = Base64Code[c1];
300 break;
301 }
302 c2 = *p++;
303 c1 |= (c2 >> 6) & 0x03;
304 *bp++ = Base64Code[c1];
305 *bp++ = Base64Code[c2 & 0x3f];
306 }
307 *bp = '\0';
308}
309#if 0
310void
311main()
312{
313 char blubber[73];
314 char salt[100];
315 char *p;
316 salt[0] = '$';
317 salt[1] = BCRYPT_VERSION;
318 salt[2] = '$';
319
320 snprintf(salt + 3, 4, "%2.2u$", 5);
321
322 printf("24 bytes of salt: ");
323 fgets(salt + 6, sizeof(salt) - 6, stdin);
324 salt[99] = 0;
325 printf("72 bytes of password: ");
326 fpurge(stdin);
327 fgets(blubber, sizeof(blubber), stdin);
328 blubber[72] = 0;
329
330 p = crypt(blubber, salt);
331 printf("Passwd entry: %s\n\n", p);
332
333 p = bcrypt_gensalt(5);
334 printf("Generated salt: %s\n", p);
335 p = crypt(blubber, p);
336 printf("Passwd entry: %s\n", p);
337}
338#endif
diff --git a/src/lib/libc/crypt/blowfish.3 b/src/lib/libc/crypt/blowfish.3
deleted file mode 100644
index 4defaecc34..0000000000
--- a/src/lib/libc/crypt/blowfish.3
+++ /dev/null
@@ -1,106 +0,0 @@
1.\" $OpenBSD: blowfish.3,v 1.20 2007/05/31 19:19:27 jmc Exp $
2.\"
3.\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
4.\" All rights reserved.
5.\"
6.\" Redistribution and use in source and binary forms, with or without
7.\" modification, are permitted provided that the following conditions
8.\" are met:
9.\" 1. Redistributions of source code must retain the above copyright
10.\" notice, this list of conditions and the following disclaimer.
11.\" 2. Redistributions in binary form must reproduce the above copyright
12.\" notice, this list of conditions and the following disclaimer in the
13.\" documentation and/or other materials provided with the distribution.
14.\" 3. All advertising materials mentioning features or use of this software
15.\" must display the following acknowledgement:
16.\" This product includes software developed by Niels Provos.
17.\" 4. The name of the author may not be used to endorse or promote products
18.\" derived from this software without specific prior written permission.
19.\"
20.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
21.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
22.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
23.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
24.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
25.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
26.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
27.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
29.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30.\"
31.\" Manual page, using -mandoc macros
32.\"
33.Dd $Mdocdate: May 31 2007 $
34.Dt BLOWFISH 3
35.Os
36.Sh NAME
37.Nm blf_key ,
38.Nm blf_enc ,
39.Nm blf_dec ,
40.Nm blf_ecb_encrypt ,
41.Nm blf_ecb_decrypt ,
42.Nm blf_cbc_encrypt ,
43.Nm blf_cbc_decrypt
44.Nd Blowfish encryption
45.Sh SYNOPSIS
46.Fd #include <blf.h>
47.Ft void
48.Fn blf_key "blf_ctx *state" "const u_int8_t *key" "u_int16_t keylen"
49.Ft void
50.Fn blf_enc "blf_ctx *state" "u_int32_t *data" "u_int16_t blocks"
51.Ft void
52.Fn blf_dec "blf_ctx *state" "u_int32_t *data" "u_int16_t blocks"
53.Ft void
54.Fn blf_ecb_encrypt "blf_ctx *state" "u_int8_t *data" "u_int32_t datalen"
55.Ft void
56.Fn blf_ecb_decrypt "blf_ctx *state" "u_int8_t *data" "u_int32_t datalen"
57.Ft void
58.Fn blf_cbc_encrypt "blf_ctx *state" "u_int8_t *iv" "u_int8_t *data" "u_int32_t datalen"
59.Ft void
60.Fn blf_cbc_decrypt "blf_ctx *state" "u_int8_t *iv" "u_int8_t *data" "u_int32_t datalen"
61.Sh DESCRIPTION
62.Em Blowfish
63is a fast unpatented block cipher designed by Bruce Schneier.
64It basically consists of a 16-round Feistel network.
65The block size is 64 bits and the maximum key size is 448 bits.
66.Pp
67The
68.Fn blf_key
69function initializes the 4 8-bit S-boxes and the 18 Subkeys with
70the hexadecimal digits of Pi.
71The key is used for further randomization.
72The first argument to
73.Fn blf_enc
74is the initialized state derived from
75.Fn blf_key .
76The stream of 32-bit words is encrypted in Electronic Codebook
77Mode (ECB) and
78.Fa blocks
79is the number of 64-bit blocks in the stream.
80.Fn blf_dec
81is used for decrypting Blowfish encrypted blocks.
82.Pp
83The functions
84.Fn blf_ecb_encrypt
85and
86.Fn blf_ecb_decrypt
87are used for encrypting and decrypting octet streams in ECB mode.
88The functions
89.Fn blf_cbc_encrypt
90and
91.Fn blf_cbc_decrypt
92are used for encrypting and decrypting octet streams in
93Cipherblock Chaining Mode (CBC).
94For these functions
95.Fa datalen
96specifies the number of octets of data to encrypt or decrypt.
97It must be a multiple of 8 (64-bit block).
98The initialisation vector
99.Fa iv
100points to an 8-byte buffer.
101.Sh SEE ALSO
102.Xr passwd 1 ,
103.Xr crypt 3 ,
104.Xr passwd 5
105.Sh AUTHORS
106.An Niels Provos Aq provos@physnet.uni-hamburg.de
diff --git a/src/lib/libc/crypt/blowfish.c b/src/lib/libc/crypt/blowfish.c
deleted file mode 100644
index c337df8a0a..0000000000
--- a/src/lib/libc/crypt/blowfish.c
+++ /dev/null
@@ -1,685 +0,0 @@
1/* $OpenBSD: blowfish.c,v 1.18 2004/11/02 17:23:26 hshoexer Exp $ */
2/*
3 * Blowfish block cipher for OpenBSD
4 * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
5 * All rights reserved.
6 *
7 * Implementation advice by David Mazieres <dm@lcs.mit.edu>.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. All advertising materials mentioning features or use of this software
18 * must display the following acknowledgement:
19 * This product includes software developed by Niels Provos.
20 * 4. The name of the author may not be used to endorse or promote products
21 * derived from this software without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
24 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
25 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
26 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
27 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
28 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
29 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
30 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
32 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 */
34
35/*
36 * This code is derived from section 14.3 and the given source
37 * in section V of Applied Cryptography, second edition.
38 * Blowfish is an unpatented fast block cipher designed by
39 * Bruce Schneier.
40 */
41
42#if 0
43#include <stdio.h> /* used for debugging */
44#include <string.h>
45#endif
46
47#include <sys/types.h>
48#include <blf.h>
49
50#undef inline
51#ifdef __GNUC__
52#define inline __inline
53#else /* !__GNUC__ */
54#define inline
55#endif /* !__GNUC__ */
56
57/* Function for Feistel Networks */
58
59#define F(s, x) ((((s)[ (((x)>>24)&0xFF)] \
60 + (s)[0x100 + (((x)>>16)&0xFF)]) \
61 ^ (s)[0x200 + (((x)>> 8)&0xFF)]) \
62 + (s)[0x300 + ( (x) &0xFF)])
63
64#define BLFRND(s,p,i,j,n) (i ^= F(s,j) ^ (p)[n])
65
66void
67Blowfish_encipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr)
68{
69 u_int32_t Xl;
70 u_int32_t Xr;
71 u_int32_t *s = c->S[0];
72 u_int32_t *p = c->P;
73
74 Xl = *xl;
75 Xr = *xr;
76
77 Xl ^= p[0];
78 BLFRND(s, p, Xr, Xl, 1); BLFRND(s, p, Xl, Xr, 2);
79 BLFRND(s, p, Xr, Xl, 3); BLFRND(s, p, Xl, Xr, 4);
80 BLFRND(s, p, Xr, Xl, 5); BLFRND(s, p, Xl, Xr, 6);
81 BLFRND(s, p, Xr, Xl, 7); BLFRND(s, p, Xl, Xr, 8);
82 BLFRND(s, p, Xr, Xl, 9); BLFRND(s, p, Xl, Xr, 10);
83 BLFRND(s, p, Xr, Xl, 11); BLFRND(s, p, Xl, Xr, 12);
84 BLFRND(s, p, Xr, Xl, 13); BLFRND(s, p, Xl, Xr, 14);
85 BLFRND(s, p, Xr, Xl, 15); BLFRND(s, p, Xl, Xr, 16);
86
87 *xl = Xr ^ p[17];
88 *xr = Xl;
89}
90
91void
92Blowfish_decipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr)
93{
94 u_int32_t Xl;
95 u_int32_t Xr;
96 u_int32_t *s = c->S[0];
97 u_int32_t *p = c->P;
98
99 Xl = *xl;
100 Xr = *xr;
101
102 Xl ^= p[17];
103 BLFRND(s, p, Xr, Xl, 16); BLFRND(s, p, Xl, Xr, 15);
104 BLFRND(s, p, Xr, Xl, 14); BLFRND(s, p, Xl, Xr, 13);
105 BLFRND(s, p, Xr, Xl, 12); BLFRND(s, p, Xl, Xr, 11);
106 BLFRND(s, p, Xr, Xl, 10); BLFRND(s, p, Xl, Xr, 9);
107 BLFRND(s, p, Xr, Xl, 8); BLFRND(s, p, Xl, Xr, 7);
108 BLFRND(s, p, Xr, Xl, 6); BLFRND(s, p, Xl, Xr, 5);
109 BLFRND(s, p, Xr, Xl, 4); BLFRND(s, p, Xl, Xr, 3);
110 BLFRND(s, p, Xr, Xl, 2); BLFRND(s, p, Xl, Xr, 1);
111
112 *xl = Xr ^ p[0];
113 *xr = Xl;
114}
115
116void
117Blowfish_initstate(blf_ctx *c)
118{
119 /* P-box and S-box tables initialized with digits of Pi */
120
121 static const blf_ctx initstate =
122 { {
123 {
124 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7,
125 0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99,
126 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,
127 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e,
128 0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee,
129 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,
130 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef,
131 0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e,
132 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,
133 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440,
134 0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce,
135 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,
136 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e,
137 0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677,
138 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,
139 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032,
140 0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88,
141 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,
142 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e,
143 0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0,
144 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,
145 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98,
146 0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88,
147 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,
148 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6,
149 0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d,
150 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,
151 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7,
152 0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba,
153 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,
154 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f,
155 0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09,
156 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,
157 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb,
158 0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279,
159 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,
160 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab,
161 0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82,
162 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,
163 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573,
164 0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0,
165 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,
166 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790,
167 0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8,
168 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,
169 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0,
170 0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7,
171 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,
172 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad,
173 0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1,
174 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,
175 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9,
176 0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477,
177 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,
178 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49,
179 0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af,
180 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,
181 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5,
182 0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41,
183 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,
184 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400,
185 0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915,
186 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,
187 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a},
188 {
189 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623,
190 0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266,
191 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,
192 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e,
193 0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6,
194 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,
195 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e,
196 0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1,
197 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,
198 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8,
199 0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff,
200 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,
201 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701,
202 0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7,
203 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,
204 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331,
205 0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf,
206 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,
207 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e,
208 0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87,
209 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,
210 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2,
211 0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16,
212 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,
213 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b,
214 0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509,
215 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,
216 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3,
217 0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f,
218 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,
219 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4,
220 0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960,
221 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,
222 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28,
223 0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802,
224 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,
225 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510,
226 0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf,
227 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,
228 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e,
229 0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50,
230 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,
231 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8,
232 0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281,
233 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,
234 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696,
235 0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128,
236 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,
237 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0,
238 0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0,
239 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,
240 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250,
241 0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3,
242 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,
243 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00,
244 0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061,
245 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,
246 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e,
247 0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735,
248 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,
249 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9,
250 0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340,
251 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,
252 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7},
253 {
254 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934,
255 0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068,
256 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,
257 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840,
258 0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45,
259 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,
260 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a,
261 0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb,
262 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,
263 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6,
264 0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42,
265 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,
266 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2,
267 0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb,
268 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,
269 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b,
270 0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33,
271 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,
272 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3,
273 0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc,
274 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,
275 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564,
276 0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b,
277 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,
278 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922,
279 0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728,
280 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,
281 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e,
282 0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37,
283 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,
284 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804,
285 0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b,
286 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,
287 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb,
288 0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d,
289 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,
290 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350,
291 0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9,
292 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,
293 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe,
294 0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d,
295 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,
296 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f,
297 0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61,
298 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,
299 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9,
300 0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2,
301 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,
302 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e,
303 0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633,
304 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,
305 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169,
306 0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52,
307 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,
308 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5,
309 0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62,
310 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,
311 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76,
312 0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24,
313 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,
314 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4,
315 0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c,
316 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,
317 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0},
318 {
319 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b,
320 0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe,
321 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,
322 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4,
323 0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8,
324 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,
325 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304,
326 0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22,
327 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,
328 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6,
329 0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9,
330 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,
331 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593,
332 0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51,
333 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,
334 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c,
335 0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b,
336 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,
337 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c,
338 0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd,
339 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,
340 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319,
341 0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb,
342 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,
343 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991,
344 0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32,
345 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,
346 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166,
347 0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae,
348 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,
349 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5,
350 0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47,
351 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,
352 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d,
353 0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84,
354 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,
355 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8,
356 0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd,
357 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,
358 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7,
359 0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38,
360 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,
361 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c,
362 0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525,
363 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,
364 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442,
365 0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964,
366 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,
367 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8,
368 0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d,
369 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,
370 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299,
371 0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02,
372 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,
373 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614,
374 0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a,
375 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,
376 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b,
377 0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0,
378 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,
379 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e,
380 0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9,
381 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,
382 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6}
383 },
384 {
385 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344,
386 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89,
387 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,
388 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917,
389 0x9216d5d9, 0x8979fb1b
390 } };
391
392 *c = initstate;
393}
394
395u_int32_t
396Blowfish_stream2word(const u_int8_t *data, u_int16_t databytes,
397 u_int16_t *current)
398{
399 u_int8_t i;
400 u_int16_t j;
401 u_int32_t temp;
402
403 temp = 0x00000000;
404 j = *current;
405
406 for (i = 0; i < 4; i++, j++) {
407 if (j >= databytes)
408 j = 0;
409 temp = (temp << 8) | data[j];
410 }
411
412 *current = j;
413 return temp;
414}
415
416void
417Blowfish_expand0state(blf_ctx *c, const u_int8_t *key, u_int16_t keybytes)
418{
419 u_int16_t i;
420 u_int16_t j;
421 u_int16_t k;
422 u_int32_t temp;
423 u_int32_t datal;
424 u_int32_t datar;
425
426 j = 0;
427 for (i = 0; i < BLF_N + 2; i++) {
428 /* Extract 4 int8 to 1 int32 from keystream */
429 temp = Blowfish_stream2word(key, keybytes, &j);
430 c->P[i] = c->P[i] ^ temp;
431 }
432
433 j = 0;
434 datal = 0x00000000;
435 datar = 0x00000000;
436 for (i = 0; i < BLF_N + 2; i += 2) {
437 Blowfish_encipher(c, &datal, &datar);
438
439 c->P[i] = datal;
440 c->P[i + 1] = datar;
441 }
442
443 for (i = 0; i < 4; i++) {
444 for (k = 0; k < 256; k += 2) {
445 Blowfish_encipher(c, &datal, &datar);
446
447 c->S[i][k] = datal;
448 c->S[i][k + 1] = datar;
449 }
450 }
451}
452
453
454void
455Blowfish_expandstate(blf_ctx *c, const u_int8_t *data, u_int16_t databytes,
456 const u_int8_t *key, u_int16_t keybytes)
457{
458 u_int16_t i;
459 u_int16_t j;
460 u_int16_t k;
461 u_int32_t temp;
462 u_int32_t datal;
463 u_int32_t datar;
464
465 j = 0;
466 for (i = 0; i < BLF_N + 2; i++) {
467 /* Extract 4 int8 to 1 int32 from keystream */
468 temp = Blowfish_stream2word(key, keybytes, &j);
469 c->P[i] = c->P[i] ^ temp;
470 }
471
472 j = 0;
473 datal = 0x00000000;
474 datar = 0x00000000;
475 for (i = 0; i < BLF_N + 2; i += 2) {
476 datal ^= Blowfish_stream2word(data, databytes, &j);
477 datar ^= Blowfish_stream2word(data, databytes, &j);
478 Blowfish_encipher(c, &datal, &datar);
479
480 c->P[i] = datal;
481 c->P[i + 1] = datar;
482 }
483
484 for (i = 0; i < 4; i++) {
485 for (k = 0; k < 256; k += 2) {
486 datal ^= Blowfish_stream2word(data, databytes, &j);
487 datar ^= Blowfish_stream2word(data, databytes, &j);
488 Blowfish_encipher(c, &datal, &datar);
489
490 c->S[i][k] = datal;
491 c->S[i][k + 1] = datar;
492 }
493 }
494
495}
496
497void
498blf_key(blf_ctx *c, const u_int8_t *k, u_int16_t len)
499{
500 /* Initialize S-boxes and subkeys with Pi */
501 Blowfish_initstate(c);
502
503 /* Transform S-boxes and subkeys with key */
504 Blowfish_expand0state(c, k, len);
505}
506
507void
508blf_enc(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
509{
510 u_int32_t *d;
511 u_int16_t i;
512
513 d = data;
514 for (i = 0; i < blocks; i++) {
515 Blowfish_encipher(c, d, d + 1);
516 d += 2;
517 }
518}
519
520void
521blf_dec(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
522{
523 u_int32_t *d;
524 u_int16_t i;
525
526 d = data;
527 for (i = 0; i < blocks; i++) {
528 Blowfish_decipher(c, d, d + 1);
529 d += 2;
530 }
531}
532
533void
534blf_ecb_encrypt(blf_ctx *c, u_int8_t *data, u_int32_t len)
535{
536 u_int32_t l, r;
537 u_int32_t i;
538
539 for (i = 0; i < len; i += 8) {
540 l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
541 r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
542 Blowfish_encipher(c, &l, &r);
543 data[0] = l >> 24 & 0xff;
544 data[1] = l >> 16 & 0xff;
545 data[2] = l >> 8 & 0xff;
546 data[3] = l & 0xff;
547 data[4] = r >> 24 & 0xff;
548 data[5] = r >> 16 & 0xff;
549 data[6] = r >> 8 & 0xff;
550 data[7] = r & 0xff;
551 data += 8;
552 }
553}
554
555void
556blf_ecb_decrypt(blf_ctx *c, u_int8_t *data, u_int32_t len)
557{
558 u_int32_t l, r;
559 u_int32_t i;
560
561 for (i = 0; i < len; i += 8) {
562 l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
563 r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
564 Blowfish_decipher(c, &l, &r);
565 data[0] = l >> 24 & 0xff;
566 data[1] = l >> 16 & 0xff;
567 data[2] = l >> 8 & 0xff;
568 data[3] = l & 0xff;
569 data[4] = r >> 24 & 0xff;
570 data[5] = r >> 16 & 0xff;
571 data[6] = r >> 8 & 0xff;
572 data[7] = r & 0xff;
573 data += 8;
574 }
575}
576
577void
578blf_cbc_encrypt(blf_ctx *c, u_int8_t *iv, u_int8_t *data, u_int32_t len)
579{
580 u_int32_t l, r;
581 u_int32_t i, j;
582
583 for (i = 0; i < len; i += 8) {
584 for (j = 0; j < 8; j++)
585 data[j] ^= iv[j];
586 l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
587 r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
588 Blowfish_encipher(c, &l, &r);
589 data[0] = l >> 24 & 0xff;
590 data[1] = l >> 16 & 0xff;
591 data[2] = l >> 8 & 0xff;
592 data[3] = l & 0xff;
593 data[4] = r >> 24 & 0xff;
594 data[5] = r >> 16 & 0xff;
595 data[6] = r >> 8 & 0xff;
596 data[7] = r & 0xff;
597 iv = data;
598 data += 8;
599 }
600}
601
602void
603blf_cbc_decrypt(blf_ctx *c, u_int8_t *iva, u_int8_t *data, u_int32_t len)
604{
605 u_int32_t l, r;
606 u_int8_t *iv;
607 u_int32_t i, j;
608
609 iv = data + len - 16;
610 data = data + len - 8;
611 for (i = len - 8; i >= 8; i -= 8) {
612 l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
613 r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
614 Blowfish_decipher(c, &l, &r);
615 data[0] = l >> 24 & 0xff;
616 data[1] = l >> 16 & 0xff;
617 data[2] = l >> 8 & 0xff;
618 data[3] = l & 0xff;
619 data[4] = r >> 24 & 0xff;
620 data[5] = r >> 16 & 0xff;
621 data[6] = r >> 8 & 0xff;
622 data[7] = r & 0xff;
623 for (j = 0; j < 8; j++)
624 data[j] ^= iv[j];
625 iv -= 8;
626 data -= 8;
627 }
628 l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
629 r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
630 Blowfish_decipher(c, &l, &r);
631 data[0] = l >> 24 & 0xff;
632 data[1] = l >> 16 & 0xff;
633 data[2] = l >> 8 & 0xff;
634 data[3] = l & 0xff;
635 data[4] = r >> 24 & 0xff;
636 data[5] = r >> 16 & 0xff;
637 data[6] = r >> 8 & 0xff;
638 data[7] = r & 0xff;
639 for (j = 0; j < 8; j++)
640 data[j] ^= iva[j];
641}
642
643#if 0
644void
645report(u_int32_t data[], u_int16_t len)
646{
647 u_int16_t i;
648 for (i = 0; i < len; i += 2)
649 printf("Block %0hd: %08lx %08lx.\n",
650 i / 2, data[i], data[i + 1]);
651}
652void
653main(void)
654{
655
656 blf_ctx c;
657 char key[] = "AAAAA";
658 char key2[] = "abcdefghijklmnopqrstuvwxyz";
659
660 u_int32_t data[10];
661 u_int32_t data2[] =
662 {0x424c4f57l, 0x46495348l};
663
664 u_int16_t i;
665
666 /* First test */
667 for (i = 0; i < 10; i++)
668 data[i] = i;
669
670 blf_key(&c, (u_int8_t *) key, 5);
671 blf_enc(&c, data, 5);
672 blf_dec(&c, data, 1);
673 blf_dec(&c, data + 2, 4);
674 printf("Should read as 0 - 9.\n");
675 report(data, 10);
676
677 /* Second test */
678 blf_key(&c, (u_int8_t *) key2, strlen(key2));
679 blf_enc(&c, data2, 1);
680 printf("\nShould read as: 0x324ed0fe 0xf413a203.\n");
681 report(data2, 2);
682 blf_dec(&c, data2, 1);
683 report(data2, 2);
684}
685#endif
diff --git a/src/lib/libc/crypt/crypt.3 b/src/lib/libc/crypt/crypt.3
deleted file mode 100644
index 8415f28b9b..0000000000
--- a/src/lib/libc/crypt/crypt.3
+++ /dev/null
@@ -1,325 +0,0 @@
1.\" $OpenBSD: crypt.3,v 1.28 2012/06/02 00:14:16 guenther Exp $
2.\"
3.\" FreeSec: libcrypt
4.\"
5.\" Copyright (c) 1994 David Burren
6.\" All rights reserved.
7.\"
8.\" Redistribution and use in source and binary forms, with or without
9.\" modification, are permitted provided that the following conditions
10.\" are met:
11.\" 1. Redistributions of source code must retain the above copyright
12.\" notice, this list of conditions and the following disclaimer.
13.\" 2. Redistributions in binary form must reproduce the above copyright
14.\" notice, this list of conditions and the following disclaimer in the
15.\" documentation and/or other materials provided with the distribution.
16.\" 4. Neither the name of the author nor the names of other contributors
17.\" may be used to endorse or promote products derived from this software
18.\" without specific prior written permission.
19.\"
20.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30.\" SUCH DAMAGE.
31.\"
32.\" Manual page, using -mandoc macros
33.\"
34.Dd $Mdocdate: June 2 2012 $
35.Dt CRYPT 3
36.Os
37.Sh NAME
38.Nm crypt ,
39.Nm setkey ,
40.Nm encrypt ,
41.Nm des_setkey ,
42.Nm des_cipher ,
43.Nm bcrypt_gensalt ,
44.Nm bcrypt ,
45.Nm md5crypt
46.Nd DES encryption
47.Sh SYNOPSIS
48.Fd #include <stdlib.h>
49.Ft int
50.Fn setkey "const char *key"
51.Pp
52.Fd #include <unistd.h>
53.Ft char *
54.Fn crypt "const char *key" "const char *setting"
55.Ft int
56.Fn encrypt "char *block" "int flag"
57.Ft int
58.Fn des_setkey "const char *key"
59.Ft int
60.Fn des_cipher "const char *in" "char *out" "int32_t salt" "int count"
61.Ft char *
62.Fn bcrypt_gensalt "u_int8_t log_rounds"
63.Ft char *
64.Fn bcrypt "const char *key" "const char *salt"
65.Ft char *
66.Fn md5crypt "const char *key" "const char *salt"
67.Sh DESCRIPTION
68The
69.Fn crypt
70function performs password encryption based on the
71.Tn NBS
72Data Encryption Standard (DES).
73Additional code has been added to deter key search attempts and to use
74stronger hashing algorithms.
75.Pp
76The first argument to
77.Fn crypt
78is a
79.Dv NUL Ns -terminated
80string, typically a user's typed password.
81The second is in one of three forms:
82if it begins with an underscore
83.Pq Ql _
84then an extended format is used
85in interpreting both the key and the setting, as outlined below.
86If it begins
87with a string character
88.Pq Ql $
89and a number then a different algorithm is used depending on the number.
90At the moment a
91.Ql $1
92chooses MD5 hashing and a
93.Ql $2
94chooses Blowfish hashing; see below for more information.
95.Ss Extended crypt
96The
97.Ar key
98is divided into groups of 8 characters (the last group is null-padded)
99and the low-order 7 bits of each character (56 bits per group) are
100used to form the DES key as follows:
101the first group of 56 bits becomes the initial DES key.
102For each additional group, the XOR of the encryption of the current DES
103key with itself and the group bits becomes the next DES key.
104.Pp
105The setting is a 9-character array consisting of an underscore followed
106by 4 bytes of iteration count and 4 bytes of salt.
107These are encoded as printable characters, 6 bits per character,
108least significant character first.
109The values 0 to 63 are encoded as
110.Dq \&./0-9A-Za-z .
111This allows 24 bits for both
112.Fa count
113and
114.Fa salt .
115.Ss "MD5" crypt
116For
117.Tn MD5
118crypt the version number,
119.Fa salt
120and the hashed password are separated by the
121.Ql $
122character.
123The maximum length of a password is limited by
124the length counter of the MD5 context, which is about
1252**64.
126A valid MD5 password entry looks like this:
127.Pp
128.Dq $1$caeiHQwX$hsKqOjrFRRN6K32OWkCBf1 .
129.Pp
130The whole MD5 password string is passed as
131.Fa setting
132for interpretation.
133.Ss "Blowfish" crypt
134The
135.Tn Blowfish
136version of crypt has 128 bits of
137.Fa salt
138in order to make building dictionaries of common passwords space consuming.
139The initial state of the
140.Tn Blowfish
141cipher is expanded using the
142.Fa salt
143and the
144.Fa password
145repeating the process a variable number of rounds, which is encoded in
146the password string.
147The maximum password length is 72.
148The final Blowfish password entry is created by encrypting the string
149.Pp
150.Dq OrpheanBeholderScryDoubt
151.Pp
152with the
153.Tn Blowfish
154state 64 times.
155.Pp
156The version number, the logarithm of the number of rounds and
157the concatenation of salt and hashed password are separated by the
158.Ql $
159character.
160An encoded
161.Sq 8
162would specify 256 rounds.
163A valid Blowfish password looks like this:
164.Pp
165.Dq $2a$12$eIAq8PR8sIUnJ1HaohxX2O9x9Qlm2vK97LJ5dsXdmB.eXF42qjchC .
166.Pp
167The whole Blowfish password string is passed as
168.Fa setting
169for interpretation.
170.Ss "Traditional" crypt
171The first 8 bytes of the key are null-padded, and the low-order 7 bits of
172each character is used to form the 56-bit
173.Tn DES
174key.
175.Pp
176The setting is a 2-character array of the ASCII-encoded salt.
177Thus only 12 bits of
178.Fa salt
179are used.
180.Fa count
181is set to 25.
182.Ss DES Algorithm
183The
184.Fa salt
185introduces disorder in the
186.Tn DES
187algorithm in one of 16777216 or 4096 possible ways
188(i.e., with 24 or 12 bits: if bit
189.Em i
190of the
191.Ar salt
192is set, then bits
193.Em i
194and
195.Em i+24
196are swapped in the
197.Tn DES
198E-box output).
199.Pp
200The DES key is used to encrypt a 64-bit constant using
201.Ar count
202iterations of
203.Tn DES .
204The value returned is a
205.Dv NUL Ns -terminated
206string, 20 or 13 bytes (plus NUL) in length, consisting of the
207.Ar setting
208followed by the encoded 64-bit encryption.
209.Pp
210The functions
211.Fn encrypt ,
212.Fn setkey ,
213.Fn des_setkey ,
214and
215.Fn des_cipher
216provide access to the
217.Tn DES
218algorithm itself.
219.Fn setkey
220is passed a 64-byte array of binary values (numeric 0 or 1).
221A 56-bit key is extracted from this array by dividing the
222array into groups of 8, and ignoring the last bit in each group.
223That bit is reserved for a byte parity check by DES, but is ignored
224by these functions.
225.Pp
226The
227.Fa block
228argument to
229.Fn encrypt
230is also a 64-byte array of binary values.
231If the value of
232.Fa flag
233is 0,
234.Fa block
235is encrypted otherwise it is decrypted.
236The result is returned in the original array
237.Fa block
238after using the key specified by
239.Fn setkey
240to process it.
241.Pp
242The argument to
243.Fn des_setkey
244is a character array of length 8.
245The least significant bit (the parity bit) in each character is ignored,
246and the remaining bits are concatenated to form a 56-bit key.
247The function
248.Fn des_cipher
249encrypts (or decrypts if
250.Fa count
251is negative) the 64-bits stored in the 8 characters at
252.Fa in
253using
254.Xr abs 3
255of
256.Fa count
257iterations of
258.Tn DES
259and stores the 64-bit result in the 8 characters at
260.Fa out
261(which may be the same as
262.Fa in ) .
263The
264.Fa salt
265specifies perturbations to the
266.Tn DES
267E-box output as described above.
268.Pp
269The
270.Fn crypt ,
271.Fn setkey ,
272and
273.Fn des_setkey
274functions all manipulate the same key space.
275.Sh RETURN VALUES
276The function
277.Fn crypt
278returns a pointer to the encrypted value on success, and
279.Dv NULL
280on failure.
281The functions
282.Fn setkey ,
283.Fn encrypt ,
284.Fn des_setkey ,
285and
286.Fn des_cipher
287return 0 on success and 1 on failure.
288.Sh SEE ALSO
289.Xr login 1 ,
290.Xr passwd 1 ,
291.Xr blowfish 3 ,
292.Xr getpass 3 ,
293.Xr md5 3 ,
294.Xr passwd 5
295.Sh HISTORY
296A rotor-based
297.Fn crypt
298function appeared in
299.At v3 .
300The current style
301.Fn crypt
302first appeared in
303.At v7 .
304.Pp
305This library (FreeSec 1.0) was developed outside the United States of America
306as an unencumbered replacement for the U.S.-only libcrypt encryption
307library.
308Programs linked against the
309.Fn crypt
310interface may be exported from the U.S.A. only if they use
311.Fn crypt
312solely for authentication purposes and avoid use of
313the other programmer interfaces listed above.
314Special care has been taken
315in the library so that programs which only use the
316.Fn crypt
317interface do not pull in the other components.
318.Sh AUTHORS
319.An David Burren Aq davidb@werj.com.au
320.Sh BUGS
321The
322.Fn crypt
323function returns a pointer to static data, and subsequent calls to
324.Fn crypt
325will modify the same object.
diff --git a/src/lib/libc/crypt/crypt.c b/src/lib/libc/crypt/crypt.c
deleted file mode 100644
index 15a784532d..0000000000
--- a/src/lib/libc/crypt/crypt.c
+++ /dev/null
@@ -1,696 +0,0 @@
1/* $OpenBSD: crypt.c,v 1.20 2005/08/08 08:05:33 espie Exp $ */
2
3/*
4 * FreeSec: libcrypt
5 *
6 * Copyright (c) 1994 David Burren
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 4. Neither the name of the author nor the names of other contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 *
33 *
34 * This is an original implementation of the DES and the crypt(3) interfaces
35 * by David Burren <davidb@werj.com.au>.
36 *
37 * An excellent reference on the underlying algorithm (and related
38 * algorithms) is:
39 *
40 * B. Schneier, Applied Cryptography: protocols, algorithms,
41 * and source code in C, John Wiley & Sons, 1994.
42 *
43 * Note that in that book's description of DES the lookups for the initial,
44 * pbox, and final permutations are inverted (this has been brought to the
45 * attention of the author). A list of errata for this book has been
46 * posted to the sci.crypt newsgroup by the author and is available for FTP.
47 */
48
49#include <sys/types.h>
50#include <sys/param.h>
51#include <pwd.h>
52#include <unistd.h>
53#include <string.h>
54
55#ifdef DEBUG
56# include <stdio.h>
57#endif
58
59static const u_char IP[64] = {
60 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
61 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
62 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
63 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
64};
65
66static u_char inv_key_perm[64];
67static u_char u_key_perm[56];
68static u_char const key_perm[56] = {
69 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
70 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
71 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
72 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
73};
74
75static const u_char key_shifts[16] = {
76 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
77};
78
79static u_char inv_comp_perm[56];
80static const u_char comp_perm[48] = {
81 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
82 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
83 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
84 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
85};
86
87/*
88 * No E box is used, as it's replaced by some ANDs, shifts, and ORs.
89 */
90
91static u_char u_sbox[8][64];
92static const u_char sbox[8][64] = {
93 {
94 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
95 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
96 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
97 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
98 },
99 {
100 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
101 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
102 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
103 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
104 },
105 {
106 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
107 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
108 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
109 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
110 },
111 {
112 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
113 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
114 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
115 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
116 },
117 {
118 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
119 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
120 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
121 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
122 },
123 {
124 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
125 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
126 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
127 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
128 },
129 {
130 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
131 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
132 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
133 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
134 },
135 {
136 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
137 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
138 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
139 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
140 }
141};
142
143static u_char un_pbox[32];
144static const u_char pbox[32] = {
145 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
146 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
147};
148
149const u_int32_t _des_bits32[32] =
150{
151 0x80000000, 0x40000000, 0x20000000, 0x10000000,
152 0x08000000, 0x04000000, 0x02000000, 0x01000000,
153 0x00800000, 0x00400000, 0x00200000, 0x00100000,
154 0x00080000, 0x00040000, 0x00020000, 0x00010000,
155 0x00008000, 0x00004000, 0x00002000, 0x00001000,
156 0x00000800, 0x00000400, 0x00000200, 0x00000100,
157 0x00000080, 0x00000040, 0x00000020, 0x00000010,
158 0x00000008, 0x00000004, 0x00000002, 0x00000001
159};
160
161const u_char _des_bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
162
163static u_int32_t saltbits;
164static int32_t old_salt;
165static const u_int32_t *bits28, *bits24;
166static u_char init_perm[64], final_perm[64];
167static u_int32_t en_keysl[16], en_keysr[16];
168static u_int32_t de_keysl[16], de_keysr[16];
169int _des_initialised = 0;
170static u_char m_sbox[4][4096];
171static u_int32_t psbox[4][256];
172static u_int32_t ip_maskl[8][256], ip_maskr[8][256];
173static u_int32_t fp_maskl[8][256], fp_maskr[8][256];
174static u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128];
175static u_int32_t comp_maskl[8][128], comp_maskr[8][128];
176static u_int32_t old_rawkey0, old_rawkey1;
177
178static u_char ascii64[] =
179 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
180/* 0000000000111111111122222222223333333333444444444455555555556666 */
181/* 0123456789012345678901234567890123456789012345678901234567890123 */
182
183static __inline int
184ascii_to_bin(char ch)
185{
186 if (ch > 'z')
187 return(0);
188 if (ch >= 'a')
189 return(ch - 'a' + 38);
190 if (ch > 'Z')
191 return(0);
192 if (ch >= 'A')
193 return(ch - 'A' + 12);
194 if (ch > '9')
195 return(0);
196 if (ch >= '.')
197 return(ch - '.');
198 return(0);
199}
200
201void
202_des_init(void)
203{
204 int i, j, b, k, inbit, obit;
205 u_int32_t *p, *il, *ir, *fl, *fr;
206
207 old_rawkey0 = old_rawkey1 = 0;
208 saltbits = 0;
209 old_salt = 0;
210 bits24 = (bits28 = _des_bits32 + 4) + 4;
211
212 /*
213 * Invert the S-boxes, reordering the input bits.
214 */
215 for (i = 0; i < 8; i++)
216 for (j = 0; j < 64; j++) {
217 b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
218 u_sbox[i][j] = sbox[i][b];
219 }
220
221 /*
222 * Convert the inverted S-boxes into 4 arrays of 8 bits.
223 * Each will handle 12 bits of the S-box input.
224 */
225 for (b = 0; b < 4; b++)
226 for (i = 0; i < 64; i++)
227 for (j = 0; j < 64; j++)
228 m_sbox[b][(i << 6) | j] =
229 (u_sbox[(b << 1)][i] << 4) |
230 u_sbox[(b << 1) + 1][j];
231
232 /*
233 * Set up the initial & final permutations into a useful form, and
234 * initialise the inverted key permutation.
235 */
236 for (i = 0; i < 64; i++) {
237 init_perm[final_perm[i] = IP[i] - 1] = i;
238 inv_key_perm[i] = 255;
239 }
240
241 /*
242 * Invert the key permutation and initialise the inverted key
243 * compression permutation.
244 */
245 for (i = 0; i < 56; i++) {
246 u_key_perm[i] = key_perm[i] - 1;
247 inv_key_perm[key_perm[i] - 1] = i;
248 inv_comp_perm[i] = 255;
249 }
250
251 /*
252 * Invert the key compression permutation.
253 */
254 for (i = 0; i < 48; i++) {
255 inv_comp_perm[comp_perm[i] - 1] = i;
256 }
257
258 /*
259 * Set up the OR-mask arrays for the initial and final permutations,
260 * and for the key initial and compression permutations.
261 */
262 for (k = 0; k < 8; k++) {
263 for (i = 0; i < 256; i++) {
264 *(il = &ip_maskl[k][i]) = 0;
265 *(ir = &ip_maskr[k][i]) = 0;
266 *(fl = &fp_maskl[k][i]) = 0;
267 *(fr = &fp_maskr[k][i]) = 0;
268 for (j = 0; j < 8; j++) {
269 inbit = 8 * k + j;
270 if (i & _des_bits8[j]) {
271 if ((obit = init_perm[inbit]) < 32)
272 *il |= _des_bits32[obit];
273 else
274 *ir |= _des_bits32[obit-32];
275 if ((obit = final_perm[inbit]) < 32)
276 *fl |= _des_bits32[obit];
277 else
278 *fr |= _des_bits32[obit - 32];
279 }
280 }
281 }
282 for (i = 0; i < 128; i++) {
283 *(il = &key_perm_maskl[k][i]) = 0;
284 *(ir = &key_perm_maskr[k][i]) = 0;
285 for (j = 0; j < 7; j++) {
286 inbit = 8 * k + j;
287 if (i & _des_bits8[j + 1]) {
288 if ((obit = inv_key_perm[inbit]) == 255)
289 continue;
290 if (obit < 28)
291 *il |= bits28[obit];
292 else
293 *ir |= bits28[obit - 28];
294 }
295 }
296 *(il = &comp_maskl[k][i]) = 0;
297 *(ir = &comp_maskr[k][i]) = 0;
298 for (j = 0; j < 7; j++) {
299 inbit = 7 * k + j;
300 if (i & _des_bits8[j + 1]) {
301 if ((obit=inv_comp_perm[inbit]) == 255)
302 continue;
303 if (obit < 24)
304 *il |= bits24[obit];
305 else
306 *ir |= bits24[obit - 24];
307 }
308 }
309 }
310 }
311
312 /*
313 * Invert the P-box permutation, and convert into OR-masks for
314 * handling the output of the S-box arrays setup above.
315 */
316 for (i = 0; i < 32; i++)
317 un_pbox[pbox[i] - 1] = i;
318
319 for (b = 0; b < 4; b++)
320 for (i = 0; i < 256; i++) {
321 *(p = &psbox[b][i]) = 0;
322 for (j = 0; j < 8; j++) {
323 if (i & _des_bits8[j])
324 *p |= _des_bits32[un_pbox[8 * b + j]];
325 }
326 }
327
328 _des_initialised = 1;
329}
330
331void
332_des_setup_salt(int32_t salt)
333{
334 u_int32_t obit, saltbit;
335 int i;
336
337 if (salt == old_salt)
338 return;
339 old_salt = salt;
340
341 saltbits = 0;
342 saltbit = 1;
343 obit = 0x800000;
344 for (i = 0; i < 24; i++) {
345 if (salt & saltbit)
346 saltbits |= obit;
347 saltbit <<= 1;
348 obit >>= 1;
349 }
350}
351
352int
353des_setkey(const char *key)
354{
355 u_int32_t k0, k1, rawkey0, rawkey1;
356 int shifts, round;
357
358 if (!_des_initialised)
359 _des_init();
360
361 rawkey0 = ntohl(*(u_int32_t *) key);
362 rawkey1 = ntohl(*(u_int32_t *) (key + 4));
363
364 if ((rawkey0 | rawkey1)
365 && rawkey0 == old_rawkey0
366 && rawkey1 == old_rawkey1) {
367 /*
368 * Already setup for this key.
369 * This optimisation fails on a zero key (which is weak and
370 * has bad parity anyway) in order to simplify the starting
371 * conditions.
372 */
373 return(0);
374 }
375 old_rawkey0 = rawkey0;
376 old_rawkey1 = rawkey1;
377
378 /*
379 * Do key permutation and split into two 28-bit subkeys.
380 */
381 k0 = key_perm_maskl[0][rawkey0 >> 25]
382 | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
383 | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
384 | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
385 | key_perm_maskl[4][rawkey1 >> 25]
386 | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
387 | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
388 | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
389 k1 = key_perm_maskr[0][rawkey0 >> 25]
390 | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
391 | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
392 | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
393 | key_perm_maskr[4][rawkey1 >> 25]
394 | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
395 | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
396 | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
397 /*
398 * Rotate subkeys and do compression permutation.
399 */
400 shifts = 0;
401 for (round = 0; round < 16; round++) {
402 u_int32_t t0, t1;
403
404 shifts += key_shifts[round];
405
406 t0 = (k0 << shifts) | (k0 >> (28 - shifts));
407 t1 = (k1 << shifts) | (k1 >> (28 - shifts));
408
409 de_keysl[15 - round] =
410 en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
411 | comp_maskl[1][(t0 >> 14) & 0x7f]
412 | comp_maskl[2][(t0 >> 7) & 0x7f]
413 | comp_maskl[3][t0 & 0x7f]
414 | comp_maskl[4][(t1 >> 21) & 0x7f]
415 | comp_maskl[5][(t1 >> 14) & 0x7f]
416 | comp_maskl[6][(t1 >> 7) & 0x7f]
417 | comp_maskl[7][t1 & 0x7f];
418
419 de_keysr[15 - round] =
420 en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
421 | comp_maskr[1][(t0 >> 14) & 0x7f]
422 | comp_maskr[2][(t0 >> 7) & 0x7f]
423 | comp_maskr[3][t0 & 0x7f]
424 | comp_maskr[4][(t1 >> 21) & 0x7f]
425 | comp_maskr[5][(t1 >> 14) & 0x7f]
426 | comp_maskr[6][(t1 >> 7) & 0x7f]
427 | comp_maskr[7][t1 & 0x7f];
428 }
429 return(0);
430}
431
432int
433_des_do_des(u_int32_t l_in, u_int32_t r_in, u_int32_t *l_out, u_int32_t *r_out,
434 int count)
435{
436 /*
437 * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
438 */
439 u_int32_t l, r, *kl, *kr, *kl1, *kr1;
440 u_int32_t f, r48l, r48r;
441 int round;
442
443 if (count == 0) {
444 return(1);
445 } else if (count > 0) {
446 /*
447 * Encrypting
448 */
449 kl1 = en_keysl;
450 kr1 = en_keysr;
451 } else {
452 /*
453 * Decrypting
454 */
455 count = -count;
456 kl1 = de_keysl;
457 kr1 = de_keysr;
458 }
459
460 /*
461 * Do initial permutation (IP).
462 */
463 l = ip_maskl[0][l_in >> 24]
464 | ip_maskl[1][(l_in >> 16) & 0xff]
465 | ip_maskl[2][(l_in >> 8) & 0xff]
466 | ip_maskl[3][l_in & 0xff]
467 | ip_maskl[4][r_in >> 24]
468 | ip_maskl[5][(r_in >> 16) & 0xff]
469 | ip_maskl[6][(r_in >> 8) & 0xff]
470 | ip_maskl[7][r_in & 0xff];
471 r = ip_maskr[0][l_in >> 24]
472 | ip_maskr[1][(l_in >> 16) & 0xff]
473 | ip_maskr[2][(l_in >> 8) & 0xff]
474 | ip_maskr[3][l_in & 0xff]
475 | ip_maskr[4][r_in >> 24]
476 | ip_maskr[5][(r_in >> 16) & 0xff]
477 | ip_maskr[6][(r_in >> 8) & 0xff]
478 | ip_maskr[7][r_in & 0xff];
479
480 while (count--) {
481 /*
482 * Do each round.
483 */
484 kl = kl1;
485 kr = kr1;
486 round = 16;
487 while (round--) {
488 /*
489 * Expand R to 48 bits (simulate the E-box).
490 */
491 r48l = ((r & 0x00000001) << 23)
492 | ((r & 0xf8000000) >> 9)
493 | ((r & 0x1f800000) >> 11)
494 | ((r & 0x01f80000) >> 13)
495 | ((r & 0x001f8000) >> 15);
496
497 r48r = ((r & 0x0001f800) << 7)
498 | ((r & 0x00001f80) << 5)
499 | ((r & 0x000001f8) << 3)
500 | ((r & 0x0000001f) << 1)
501 | ((r & 0x80000000) >> 31);
502 /*
503 * Do salting for crypt() and friends, and
504 * XOR with the permuted key.
505 */
506 f = (r48l ^ r48r) & saltbits;
507 r48l ^= f ^ *kl++;
508 r48r ^= f ^ *kr++;
509 /*
510 * Do sbox lookups (which shrink it back to 32 bits)
511 * and do the pbox permutation at the same time.
512 */
513 f = psbox[0][m_sbox[0][r48l >> 12]]
514 | psbox[1][m_sbox[1][r48l & 0xfff]]
515 | psbox[2][m_sbox[2][r48r >> 12]]
516 | psbox[3][m_sbox[3][r48r & 0xfff]];
517 /*
518 * Now that we've permuted things, complete f().
519 */
520 f ^= l;
521 l = r;
522 r = f;
523 }
524 r = l;
525 l = f;
526 }
527 /*
528 * Do final permutation (inverse of IP).
529 */
530 *l_out = fp_maskl[0][l >> 24]
531 | fp_maskl[1][(l >> 16) & 0xff]
532 | fp_maskl[2][(l >> 8) & 0xff]
533 | fp_maskl[3][l & 0xff]
534 | fp_maskl[4][r >> 24]
535 | fp_maskl[5][(r >> 16) & 0xff]
536 | fp_maskl[6][(r >> 8) & 0xff]
537 | fp_maskl[7][r & 0xff];
538 *r_out = fp_maskr[0][l >> 24]
539 | fp_maskr[1][(l >> 16) & 0xff]
540 | fp_maskr[2][(l >> 8) & 0xff]
541 | fp_maskr[3][l & 0xff]
542 | fp_maskr[4][r >> 24]
543 | fp_maskr[5][(r >> 16) & 0xff]
544 | fp_maskr[6][(r >> 8) & 0xff]
545 | fp_maskr[7][r & 0xff];
546 return(0);
547}
548
549int
550des_cipher(const char *in, char *out, int32_t salt, int count)
551{
552 u_int32_t l_out, r_out, rawl, rawr;
553 u_int32_t x[2];
554 int retval;
555
556 if (!_des_initialised)
557 _des_init();
558
559 _des_setup_salt(salt);
560
561 memcpy(x, in, sizeof x);
562 rawl = ntohl(x[0]);
563 rawr = ntohl(x[1]);
564 retval = _des_do_des(rawl, rawr, &l_out, &r_out, count);
565
566 x[0] = htonl(l_out);
567 x[1] = htonl(r_out);
568 memcpy(out, x, sizeof x);
569 return(retval);
570}
571
572char *
573crypt(const char *key, const char *setting)
574{
575 int i;
576 u_int32_t count, salt, l, r0, r1, keybuf[2];
577 u_char *p, *q;
578 static u_char output[21];
579 extern char *md5crypt(const char *, const char *);
580 extern char *bcrypt(const char *, const char *);
581
582 if (setting[0] == '$') {
583 switch (setting[1]) {
584 case '1':
585 return (md5crypt(key, setting));
586 default:
587 return bcrypt(key, setting);
588 }
589 }
590
591 if (!_des_initialised)
592 _des_init();
593
594 /*
595 * Copy the key, shifting each character up by one bit
596 * and padding with zeros.
597 */
598 q = (u_char *) keybuf;
599 while ((q - (u_char *) keybuf) < sizeof(keybuf)) {
600 if ((*q++ = *key << 1))
601 key++;
602 }
603 if (des_setkey((char *) keybuf))
604 return(NULL);
605
606 if (*setting == _PASSWORD_EFMT1) {
607 /*
608 * "new"-style:
609 * setting - underscore, 4 bytes of count, 4 bytes of salt
610 * key - unlimited characters
611 */
612 for (i = 1, count = 0; i < 5; i++)
613 count |= ascii_to_bin(setting[i]) << (i - 1) * 6;
614
615 for (i = 5, salt = 0; i < 9; i++)
616 salt |= ascii_to_bin(setting[i]) << (i - 5) * 6;
617
618 while (*key) {
619 /*
620 * Encrypt the key with itself.
621 */
622 if (des_cipher((char *)keybuf, (char *)keybuf, 0, 1))
623 return(NULL);
624 /*
625 * And XOR with the next 8 characters of the key.
626 */
627 q = (u_char *) keybuf;
628 while (((q - (u_char *) keybuf) < sizeof(keybuf)) &&
629 *key)
630 *q++ ^= *key++ << 1;
631
632 if (des_setkey((char *) keybuf))
633 return(NULL);
634 }
635 strlcpy((char *)output, setting, 10);
636
637 /*
638 * Double check that we weren't given a short setting.
639 * If we were, the above code will probably have created
640 * weird values for count and salt, but we don't really care.
641 * Just make sure the output string doesn't have an extra
642 * NUL in it.
643 */
644 p = output + strlen((const char *)output);
645 } else {
646 /*
647 * "old"-style:
648 * setting - 2 bytes of salt
649 * key - up to 8 characters
650 */
651 count = 25;
652
653 salt = (ascii_to_bin(setting[1]) << 6)
654 | ascii_to_bin(setting[0]);
655
656 output[0] = setting[0];
657 /*
658 * If the encrypted password that the salt was extracted from
659 * is only 1 character long, the salt will be corrupted. We
660 * need to ensure that the output string doesn't have an extra
661 * NUL in it!
662 */
663 output[1] = setting[1] ? setting[1] : output[0];
664
665 p = output + 2;
666 }
667 _des_setup_salt(salt);
668
669 /*
670 * Do it.
671 */
672 if (_des_do_des(0, 0, &r0, &r1, count))
673 return(NULL);
674 /*
675 * Now encode the result...
676 */
677 l = (r0 >> 8);
678 *p++ = ascii64[(l >> 18) & 0x3f];
679 *p++ = ascii64[(l >> 12) & 0x3f];
680 *p++ = ascii64[(l >> 6) & 0x3f];
681 *p++ = ascii64[l & 0x3f];
682
683 l = (r0 << 16) | ((r1 >> 16) & 0xffff);
684 *p++ = ascii64[(l >> 18) & 0x3f];
685 *p++ = ascii64[(l >> 12) & 0x3f];
686 *p++ = ascii64[(l >> 6) & 0x3f];
687 *p++ = ascii64[l & 0x3f];
688
689 l = r1 << 2;
690 *p++ = ascii64[(l >> 12) & 0x3f];
691 *p++ = ascii64[(l >> 6) & 0x3f];
692 *p++ = ascii64[l & 0x3f];
693 *p = 0;
694
695 return((char *)output);
696}
diff --git a/src/lib/libc/crypt/crypt2.c b/src/lib/libc/crypt/crypt2.c
deleted file mode 100644
index 63a297e510..0000000000
--- a/src/lib/libc/crypt/crypt2.c
+++ /dev/null
@@ -1,104 +0,0 @@
1/* $OpenBSD: crypt2.c,v 1.3 2005/08/08 08:05:33 espie Exp $ */
2
3/*
4 * FreeSec: libcrypt
5 *
6 * Copyright (c) 1994 David Burren
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 4. Neither the name of the author nor the names of other contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 *
33 *
34 * This is an original implementation of the DES and the crypt(3) interfaces
35 * by David Burren <davidb@werj.com.au>.
36 *
37 * An excellent reference on the underlying algorithm (and related
38 * algorithms) is:
39 *
40 * B. Schneier, Applied Cryptography: protocols, algorithms,
41 * and source code in C, John Wiley & Sons, 1994.
42 *
43 * Note that in that book's description of DES the lookups for the initial,
44 * pbox, and final permutations are inverted (this has been brought to the
45 * attention of the author). A list of errata for this book has been
46 * posted to the sci.crypt newsgroup by the author and is available for FTP.
47 */
48
49#include <sys/types.h>
50#include <sys/param.h>
51#include <pwd.h>
52#include <unistd.h>
53#include <string.h>
54
55#ifdef DEBUG
56# include <stdio.h>
57#endif
58
59extern const u_char _des_bits8[8];
60extern const u_int32_t _des_bits32[32];
61extern int _des_initialised;
62
63int
64setkey(const char *key)
65{
66 int i, j;
67 u_int32_t packed_keys[2];
68 u_char *p;
69
70 p = (u_char *) packed_keys;
71
72 for (i = 0; i < 8; i++) {
73 p[i] = 0;
74 for (j = 0; j < 8; j++)
75 if (*key++ & 1)
76 p[i] |= _des_bits8[j];
77 }
78 return(des_setkey((char *)p));
79}
80
81int
82encrypt(char *block, int flag)
83{
84 u_int32_t io[2];
85 u_char *p;
86 int i, j, retval;
87
88 if (!_des_initialised)
89 _des_init();
90
91 _des_setup_salt(0);
92 p = (u_char *)block;
93 for (i = 0; i < 2; i++) {
94 io[i] = 0L;
95 for (j = 0; j < 32; j++)
96 if (*p++ & 1)
97 io[i] |= _des_bits32[j];
98 }
99 retval = _des_do_des(io[0], io[1], io, io + 1, flag ? -1 : 1);
100 for (i = 0; i < 2; i++)
101 for (j = 0; j < 32; j++)
102 block[(i << 5) | j] = (io[i] & _des_bits32[j]) ? 1 : 0;
103 return(retval);
104}
diff --git a/src/lib/libc/crypt/md5crypt.c b/src/lib/libc/crypt/md5crypt.c
deleted file mode 100644
index b32cd2115f..0000000000
--- a/src/lib/libc/crypt/md5crypt.c
+++ /dev/null
@@ -1,149 +0,0 @@
1/* $OpenBSD: md5crypt.c,v 1.15 2009/10/31 13:29:07 sobrado Exp $ */
2
3/*
4 * ----------------------------------------------------------------------------
5 * "THE BEER-WARE LICENSE" (Revision 42):
6 * <phk@login.dknet.dk> wrote this file. As long as you retain this notice you
7 * can do whatever you want with this stuff. If we meet some day, and you think
8 * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
9 * ----------------------------------------------------------------------------
10 *
11 * $FreeBSD: crypt.c,v 1.5 1996/10/14 08:34:02 phk Exp $
12 *
13 */
14
15#include <unistd.h>
16#include <stdio.h>
17#include <string.h>
18#include <md5.h>
19#include <string.h>
20
21static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */
22 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
23
24static void to64(char *, u_int32_t, int);
25
26static void
27to64(char *s, u_int32_t v, int n)
28{
29 while (--n >= 0) {
30 *s++ = itoa64[v&0x3f];
31 v >>= 6;
32 }
33}
34
35/*
36 * UNIX password
37 *
38 * Use MD5 for what it is best at...
39 */
40
41char *md5crypt(const char *pw, const char *salt);
42
43char *
44md5crypt(const char *pw, const char *salt)
45{
46 /*
47 * This string is magic for this algorithm. Having
48 * it this way, we can get get better later on
49 */
50 static unsigned char *magic = (unsigned char *)"$1$";
51
52 static char passwd[120], *p;
53 static const unsigned char *sp,*ep;
54 unsigned char final[16];
55 int sl,pl,i;
56 MD5_CTX ctx,ctx1;
57 u_int32_t l;
58
59 /* Refine the Salt first */
60 sp = (const unsigned char *)salt;
61
62 /* If it starts with the magic string, then skip that */
63 if(!strncmp((const char *)sp,(const char *)magic,strlen((const char *)magic)))
64 sp += strlen((const char *)magic);
65
66 /* It stops at the first '$', max 8 chars */
67 for(ep=sp;*ep && *ep != '$' && ep < (sp+8);ep++)
68 continue;
69
70 /* get the length of the true salt */
71 sl = ep - sp;
72
73 MD5Init(&ctx);
74
75 /* The password first, since that is what is most unknown */
76 MD5Update(&ctx,(const unsigned char *)pw,strlen(pw));
77
78 /* Then our magic string */
79 MD5Update(&ctx,magic,strlen((const char *)magic));
80
81 /* Then the raw salt */
82 MD5Update(&ctx,sp,sl);
83
84 /* Then just as many characters of the MD5(pw,salt,pw) */
85 MD5Init(&ctx1);
86 MD5Update(&ctx1,(const unsigned char *)pw,strlen(pw));
87 MD5Update(&ctx1,sp,sl);
88 MD5Update(&ctx1,(const unsigned char *)pw,strlen(pw));
89 MD5Final(final,&ctx1);
90 for(pl = strlen(pw); pl > 0; pl -= 16)
91 MD5Update(&ctx,final,pl>16 ? 16 : pl);
92
93 /* Don't leave anything around in vm they could use. */
94 memset(final,0,sizeof final);
95
96 /* Then something really weird... */
97 for (i = strlen(pw); i ; i >>= 1)
98 if(i&1)
99 MD5Update(&ctx, final, 1);
100 else
101 MD5Update(&ctx, (const unsigned char *)pw, 1);
102
103 /* Now make the output string */
104 snprintf(passwd, sizeof(passwd), "%s%.*s$", (char *)magic,
105 sl, (const char *)sp);
106
107 MD5Final(final,&ctx);
108
109 /*
110 * and now, just to make sure things don't run too fast
111 * On a 60 MHz Pentium this takes 34 msec, so you would
112 * need 30 seconds to build a 1000 entry dictionary...
113 */
114 for(i=0;i<1000;i++) {
115 MD5Init(&ctx1);
116 if(i & 1)
117 MD5Update(&ctx1,(const unsigned char *)pw,strlen(pw));
118 else
119 MD5Update(&ctx1,final,16);
120
121 if(i % 3)
122 MD5Update(&ctx1,sp,sl);
123
124 if(i % 7)
125 MD5Update(&ctx1,(const unsigned char *)pw,strlen(pw));
126
127 if(i & 1)
128 MD5Update(&ctx1,final,16);
129 else
130 MD5Update(&ctx1,(const unsigned char *)pw,strlen(pw));
131 MD5Final(final,&ctx1);
132 }
133
134 p = passwd + strlen(passwd);
135
136 l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; to64(p,l,4); p += 4;
137 l = (final[ 1]<<16) | (final[ 7]<<8) | final[13]; to64(p,l,4); p += 4;
138 l = (final[ 2]<<16) | (final[ 8]<<8) | final[14]; to64(p,l,4); p += 4;
139 l = (final[ 3]<<16) | (final[ 9]<<8) | final[15]; to64(p,l,4); p += 4;
140 l = (final[ 4]<<16) | (final[10]<<8) | final[ 5]; to64(p,l,4); p += 4;
141 l = final[11] ; to64(p,l,2); p += 2;
142 *p = '\0';
143
144 /* Don't leave anything around in vm they could use. */
145 memset(final, 0, sizeof final);
146
147 return passwd;
148}
149
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-15 23:21:32 +0000